Home

Description

Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will update these details as appropriate as more information becomes available.

PUBLISHED Reserved 2024-10-10 | Published 2025-12-17 | Updated 2025-12-18 | Assigner cisco




CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2025-12-17 | Due date 2025-12-24

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

Improper Input Validation

Product status

Default status
unknown

14.0.0-698
affected

13.5.1-277
affected

13.0.0-392
affected

14.2.0-620
affected

13.0.5-007
affected

13.5.4-038
affected

14.2.1-020
affected

14.3.0-032
affected

15.0.0-104
affected

15.0.1-030
affected

15.5.0-048
affected

15.5.1-055
affected

15.5.2-018
affected

16.0.0-050
affected

15.0.3-002
affected

16.0.0-054
affected

15.5.3-022
affected

16.0.1-017
affected

Default status
unknown

13.6.2-023
affected

13.6.2-078
affected

13.0.0-249
affected

13.0.0-277
affected

13.8.1-052
affected

13.8.1-068
affected

13.8.1-074
affected

14.0.0-404
affected

12.8.1-002
affected

14.1.0-227
affected

13.6.1-201
affected

14.2.0-203
affected

14.2.0-212
affected

12.8.1-021
affected

13.8.1-108
affected

14.2.0-224
affected

14.3.0-120
affected

15.0.0-334
affected

15.5.1-024
affected

15.5.1-029
affected

15.5.2-005
affected

16.0.0-195
affected

15.5.3-017
affected

16.0.1-010
affected

15.0.1-035
affected

16.0.2-088
affected

References

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2025-20393 government-resource

sec.cloudapps.cisco.com/...dvisory/cisco-sa-sma-attack-N9bf4 (cisco-sa-sma-attack-N9bf4)

cve.org (CVE-2025-20393)

nvd.nist.gov (CVE-2025-20393)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.